Configuring the General Tab

This section provides instructions for configuring the General tab,
which is available as part of the task template configuration process. For
instructions on how to start the configuration process see Configuring the Task Templates.

Note –

In the Administrator interface, the pages for editing the Create
User Template and Update User Template are identical, so configuration instructions
are provided in one section.

For the Create User or Update User Templates

When you open either the Edit Task Template Create User Template form
or the Edit Task Template Update User Template form, the General tab page
displays by default. This page consists of a Task Name text field and a Insert
an attribute menu, as shown in Figure 9–4.
For instructions on how to start the configuration process see the Configuring the Task Templates section.

To Change the Default Task Name

The Task Name menu provides a list of attributes that are currently
defined for the view associated with the task configured by this template.
Select an attribute from the menu (optional).

Identity Manager appends
the attribute name to the entry in the Task Name field. For example:

Create user $(accountId) $(user.global.email)

When you are finished, you can

Select a different tab to continue editing the templates.

Click Save to save your changes and return to the Configure
Tasks page.

The new task name will display in the Identity Manager task
bar, located at the bottom of the Home and Accounts tabs.

Click Cancel to discard your changes and return to the Configure
Tasks page.

For the Delete User Template

When you open the Edit Task Template ’Delete User Template' page
the General tab page displays by default. (For instructions on how to start
the configuration process see Configuring the Task Templates.)

To Specify How User Accounts Are Deleted/Deprovisioned

Use the Delete Identity Manager Account buttons to specify whether
an Identity Manager account can be deleted during a delete operation.

These buttons include:

Never. Select to prevent
accounts from being deleted.

Only if user has no linked accounts
after deprovisioning. Select to allow user account deletions only
if there are no linked resource accounts after deprovisioning.

Always. Select to always
allow user account deletions, even if there are still resource accounts assigned.

Use the Resource Accounts Deprovisioning boxes to control resource
account deprovisioning for all resource accounts.

Note –

Unassigning or unlinking an external resource
from a user does not generate a provisioning request or a work item. When
you unassign or unlink an external resource Identity Manager does not deprovision
or delete that resource account, so there is nothing for you to do.

These boxes include:

Delete All. Enable this
box to delete all accounts representing the user on all assigned resources.

Unassign All. Enable this
box to unassign all resource accounts from the user. The resource accounts
will not be deleted.

Unlink All. Enable this
box to break all links from the Identity Manager system to the resource accounts.
Users with accounts that are assigned but not linked will display with a badge
to indicate that an update is required.

These controls override the behaviors in the Individual Resource Accounts
Deprovisioning table.

Use the Individual Resource Accounts Deprovisioning boxes to allow
a more fine-grained approach to user deprovisioning (compared to Resource
Accounts Deprovisioning).

These boxes include:

Delete. Enable this box
to delete the account that represents the user on the resource.

Unassign. Enable this box
and the user will no longer be assigned directly to the resource. The resource
account will not be deleted.

Unlink. Enable this box
to break the link from the Identity Manager system to the resource accounts.
Users with accounts that are assigned but not linked will display with a badge
to indicate that an update is required.

The Individual Resource Accounts Deprovisioning options
are useful if you want to specify a separate deprovisioning policy for different
resources. For example, most customers do not want to delete Active Directory
users because each user has a global identifier that can never be re-created
following deletion. However, in environments where new resources are added,
you might not want to use this option because the deprovisioning configuration
would have to be updated every time you add a new resource.